1. Technical Field
The subject matter described herein generally relates to the field of managing servers (physical or virtual) of a network domain and, in particular, to automatically labeling servers and creating communication rules for the labeled servers.
2. Background Information
Servers (physical or virtual) of an administrative domain are managed according to a policy. For example, a security policy might specify access control and/or secure connectivity, while a resource-usage policy might specify usage of the administrative domain's computing resources (e.g., disks and/or peripherals). Conventional policies reference physical devices and are expressed in terms of low-level constructs such as Internet Protocol (IP) addresses, IP address ranges, subnetworks, and network interfaces. These low-level constructs make it difficult to write a fine-grained policy in an abstract and natural way.
Conventional techniques for setting up policies use whitelist models based on rules that exhaustively list permissible actions. Configuring such lists can be very time-consuming for administrative domains with large numbers of servers. Furthermore, if the servers are reconfigured or repurposed, the policies applicable to the servers may change and require new lists.